The Fifth Amendment right against compelled self-incrimination would be breached if two insider trading suspects were forced to turn over the passcodes of their locked mobile phones to the Securities and Exchange Commission, a federal judge ruled Wednesday.

“We find, as the SEC is not seeking business records but Defendants’ personal thought processes, Defendants may properly invoke their Fifth Amendment right,” US District Judge Mark Kearney of Pennsylvania wrote.

The decision comes amid a growing global debate about encryption and whether the tech sector should build backdoors into their wares to grant the authorities access to locked devices. Ars reported today that an Obama administration working group “considered four backdoors that tech companies could adopt to allow government investigators to decipher encrypted communications stored on phones of suspected terrorists or criminals.”

Without this capability, the authorities are trying to get suspects to cough up their passwords instead. The Supreme Court has never ruled on the constitutionality of the issue. There’s been a smattering of varying court rulings nationwide on the topic. In 2012, a federal appeals court said that forcing a child-porn suspect to decrypt password-protected hard drives would amount to a Fifth Amendment violation.

In the latest case, the SEC is investigating two former Capital One data analysts who allegedly used insider information associated with their jobs to trade stocks—in this case, a $150,000 investment allegedly turned into $2.8 million. Regulators suspect the mobile devices are holding evidence of insider trading and demanded that the two turn over their passcodes.

The defendants balked at supplying their passcodes, saying the Fifth Amendment protected them. The judge agreed and said that the government was going on a fishing expedition:

Here, the SEC proffers no evidence rising to a “reasonable particularity” any of the documents it alleges reside in the passcode protected phones. Instead, it argues only possession of the smartphones and Defendants were the sole users and possessors of their respective work-issued smartphones. SEC does not show the “existence” of any requested documents actually existing on the smartphones. Merely possessing the smartphones is insufficient if the SEC cannot show what is actually on the device.

Orin Kerr, a constitutional scholar and former federal prosecutor, suggested that the “Fifth Amendment issues raised by the content of the passcode could be addressed by having the defendants just enter in their passcodes rather than handing them over to the government.”

Kerr added, “Having the defendant enter in his passcode would minimize the Fifth Amendment implications of the compelled compliance, as it would not involve disclosing the potentially incriminating evidence of the passcode itself.”